
Method for verifying completeness of platform, network device and network system

A technology for integrity verification and platform integrity, applied in safety devices, electrical components, wireless communications, etc. It can solve problems such as extended verification time, low efficiency, and failure to repair in time, and achieves the effect of improving efficiency.

Active Publication Date: 2010-07-21
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] In the existing technology, the verification of the integrity of the platform is only performed by the access device unilaterally. Integrity verification is only performed unilaterally by the network side, which is time-consuming and inefficient.


Examples


Embodiment 1

[0040] As shown in Figure 1, the embodiment of the present invention provides a method for platform integrity verification, which may include:

[0041] Step S102, receiving information from the access device, the information including the integrity metric value information and partial integrity verification results obtained by the access device according to the integrity verification strategy;

[0042] This step can be executed by a network-side device, specifically a SeGW (Security Gateway), or by an independent verification entity network element, such as an AAA server, HLR (Home Location Register), HSS (Home Subscriber Server), OAM server, AHR (Access Point Home Register), MME (Mobility Management Entity), etc. These entities store integrity reference values, perform remote verification, issue policies, and so on, and perform access control or service access control according to the judgment results. The access device may be: a home base station, or an eNB in ...

Embodiment 2

[0055] As shown in Figure 2, the embodiment of the present invention provides a method for platform integrity verification, which may include:

[0056] Step S202, collecting local integrity measurement value information according to the integrity verification strategy;

[0057] The execution subject of this step may be an access device, more specifically, may be a security unit, such as TrE or TPM.

[0058] The integrity verification policy can be issued by the network-side device to the access device, or it can be stored on the access device, with the network-side device sending updates to the access device periodically or when triggered by an event.

[0059] Step S204, perform integrity verification on some local components according to the integrity verification policy, and obtain partial integrity verification results;

[0060] The subject of this step can be the access device, such as the security unit of the access device. Generally speaking, it can be a security uni...

Embodiment 3

[0074] As shown in Figure 3, the embodiment of the present invention provides a method for platform integrity verification. A mobile communication network in which the access device is an H(e)NB (Home Base Station) is used as a specific scenario for illustration. The H(e)NB is equipped with a security chip that is logically independent of the host device, such as a TrE or TPM, which can provide a safe and reliable environment for software execution and sensitive data storage. The method can include:

[0075] S302. The H(e)NB requests the network side to access the network;

[0076] In this step, in addition to the access request, it may also be a service access request, such as a request for a certain application layer service with a high level of security trust, such as online transactions, electronic banking, and the like.

[0077] S304. The security gateway on the network side issues an integrity verification policy to the H(e)NB, indicating which comp...


Abstract

The invention discloses a method for verifying the integrity of a platform, a network device and a network system. The method comprises the following steps: information from an access device is received, the information comprising integrity metric information acquired by the access device according to the integrity verification policy and partial integrity verification results; the received information is analyzed and judged, and access control or service access control is performed on the access device according to the judgment results. With this method, the integrity verification of the device platform can be reasonably divided between local and remote verification, so the efficiency of integrity verification is improved.
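The split between local and remote verification described in the abstract can be sketched as follows. This is an added example, not code from the patent or its owner; the component names, the policy layout, SHA-256 as the measurement function, reporting raw measurements only for the remotely verified components, and the allow/deny outcome are all assumptions.

```python
import hashlib

def measure(blob: bytes) -> str:
    """Integrity measurement of one component (SHA-256 is an assumption)."""
    return hashlib.sha256(blob).hexdigest()

def device_report(components, policy, local_refs):
    """Access-device side: verify the 'local' subset, measure the rest."""
    report = {"partial_results": {}, "measurements": {}}
    for name in policy["local"]:
        # Partial integrity verification result, computed on the device.
        report["partial_results"][name] = measure(components[name]) == local_refs[name]
    for name in policy["remote"]:
        # Measurement value left for the network side to judge.
        report["measurements"][name] = measure(components[name])
    return report

def network_decide(report, policy, remote_refs):
    """Network side: analyse the report and decide access control.

    Fails closed: a component named in the policy but missing from the
    report is treated the same as a failed check.
    """
    for name in policy["local"]:
        if report["partial_results"].get(name) is not True:
            return "deny"
    for name in policy["remote"]:
        if report["measurements"].get(name) != remote_refs[name]:
            return "deny"
    return "allow"

# Constructed sample data (hypothetical component names and contents).
GOOD = {"bootloader": b"boot-v1", "os_kernel": b"kernel-v1", "radio_stack": b"radio-v1"}
POLICY = {"local": ["bootloader", "os_kernel"], "remote": ["radio_stack"]}
LOCAL_REFS = {n: measure(GOOD[n]) for n in POLICY["local"]}
REMOTE_REFS = {n: measure(GOOD[n]) for n in POLICY["remote"]}

def run(components):
    """One full exchange: device builds the report, network judges it."""
    return network_decide(device_report(components, POLICY, LOCAL_REFS), POLICY, REMOTE_REFS)

if __name__ == "__main__":
    print(run(GOOD))                                       # unmodified platform
    print(run({**GOOD, "radio_stack": b"radio-tampered"})) # caught remotely
    print(run({**GOOD, "os_kernel": b"kernel-tampered"}))  # caught locally
```

The sketch leaves the report unprotected in transit; the page assigns measurement and local verification to a security unit such as a TrE or TPM, which the example does not model.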

Description

Technical field

[0001] The embodiments of the present invention relate to the field of communication technologies, and in particular, relate to a method for verifying platform integrity, an access device, a network device and a network system.

Background

[0002] In some communication systems, wireless access devices are exposed outside the operator's controllable network, and access the operator's core network through an open and insecure bearer network. Examples include an eNB in an LTE (Long Term Evolution) network, a femtocell base station (home NodeB) in a Universal Mobile Telecommunications System (UMTS), a femtocell base station (home NodeB) in LTE, or an Access Point in a wireless local area network (WLAN). When accessing the operator's core network, the core network (or the access gateway representing the core network) needs to verify the platform integrity of the device in addition to authenticating the ...


Application Information

IPC(8): H04W12/06, H04W12/08, H04W24/04, H04W12/10
CPC: H04W12/02, H04W12/108
Inventor: 位继伟, 张宁, 庄小君, 王敏生
Owner: HUAWEI TECH CO LTD